Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
CVE-2026-23529
  • github.com/aiven-open/bigquery-connector-for-apache-kafka
 Arbitrary File Read in Google BigQuery Sink connector 5 hours ago
  • Fix available
  • Severity - 7.7 (High)
CVE-2026-23528
  • github.com/dask/distributed
 Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard 5 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
CVE-2026-23523
  • github.com/openagentplatform/dive
 Dive allows One-click Remote Code Execution through Deep Links for MCP Install 5 hours ago
  • Fix available
  • Severity - 9.6 (Critical)
CVE-2026-22782
  • github.com/rustfs/rustfs
 RustFS RPC signature verification logs shared secret 6 hours ago
  • Fix available
  • Severity - 2.9 (Low)
CVE-2026-22864
  • github.com/denoland/deno
 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass 23 hours ago
  • Fix available
  • Severity - 8.1 (High)
CVE-2026-22863
  • github.com/denoland/deno
 Deno node:crypto doesn't finalize cipher 23 hours ago
  • Fix available
  • Severity - 9.2 (Critical)
CVE-2026-22045
  • github.com/traefik/traefik
 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall 23 hours ago
  • Fix available
  • Severity - 5.9 (Medium)
CVE-2025-68671
  • github.com/treeverse/lakefs
 lakeFS is Missing Timestamp Validation in S3 Gateway Authentication 23 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
CVE-2026-23622
  • github.com/alextselegidis/easyappointments
 CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover yesterday
  • No fix available
  • Severity - 7.4 (High)
CVE-2026-23527
  • github.com/h3js/h3
 Request Smuggling (TE.TE) in h3 v1 yesterday
  • Fix available
  • Severity - 8.9 (High)
CVE-2026-23520
  • github.com/getarcaneapp/arcane
 Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE yesterday
  • Fix available
  • Severity - 9.0 (Critical)
CVE-2026-23519
  • github.com/rustcrypto/utils
 RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz yesterday
  • Fix available
  • Severity - 8.9 (High)
CVE-2026-23511
  • github.com/zitadel/zitadel
 ZITADEL has a user enumeration vulnerability in Login UIs yesterday
  • Fix available
  • Severity - 5.3 (Medium)
CVE-2026-22775
  • github.com/sveltejs/devalue
 devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse yesterday
  • Fix available
  • Severity - 7.5 (High)
CVE-2026-22774
  • github.com/sveltejs/devalue
 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse yesterday
  • Fix available
  • Severity - 7.5 (High)
CVE-2026-22249
  • github.com/docmost/docmost
 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip) yesterday
  • Fix available
  • Severity - 7.1 (High)
Load more...